In the wake of the Optus and Medibank data breaches, digital rights groups are urging the federal government to rule out requiring identification documents as part of any online age-verification system, warning it could create a honeypot of people’s personal information and pornography-viewing habits.
The eSafety commissioner, Julie Inman Grant, is developing an online safety “roadmap”, outlining a way to prevent minors from accessing adult content online by ensuring host sites have verified the ages of users.
The commissioner’s report was initially due to the government in December, however, the deadline has now been extended to March next year. Stakeholders were informed of the delay in reporting last week.
A variety of options for age verification has been offered during the roadmap’s development, including the use of third party companies, individual sites verifying ages using ID documents or credit card checks, and internet service providers or mobile phone operators being used to check users’ ages.
Digital rights groups say almost all approaches to age verification will have some level of privacy and security risk.
“Following the Optus and Medibank breaches, millions of people are now acutely aware of the dangers of collecting and storing large amounts of our personal information,” Samantha Floreani, program lead at Digital Rights Watch said.
“Age verification is a terrible combination of being invasive and risky, while also being ineffective for its purported purpose.
“Methods that are less privacy-invasive are easily bypassed by tech-savvy kids, and those that may be more likely to work at restricting access to pornography create massive and disproportionate privacy and digital security risks.”
There was the potential for a new honeypot of people’s identities and porn-viewing habits if these systems were pursued, Floreani said.
“The consequences of a breach of such a system would be devastating,” she said.
Sign up to Guardian Australia’s Morning Mail
Our Australian morning briefing email breaks down the key national and international stories of the day and why they matter
Electronic Frontiers Australia chair, Justin Warren, said EFA has long warned about the privacy and security risks of such a policy.
“A government that claims to be interested in evidence-based policy would listen and act on our advice. Failure to do so suggests that the motivations for increased surveillance and control are ideological,” he said.
A spokesperson for the communications minister, Michelle Rowland, said the Albanese government “supports restricting Australian children from viewing online pornography” but said questions about the roadmap were best directed to the eSafety commissioner.
“The eSafety commissioner is progressing a complex body of work with a wide range of divergent stakeholder views and issues including privacy and security,” the spokesperson said.
The office of the eSafety commissioner was approached for comment.
Other groups have called for an effective ban on online pornography. Anti-porn group Collective Shout called for all pornography to be treated under the same classification as child sexual abuse material or terrorism material, which would be required to be removed or blocked in Australia.
Some companies have already begun implementing age-verification procedures. Google, for example, since March estimates a person’s age using information gathered on that account, such as their search history. If ultimately the company needs to see ID documents, Google has said it deletes those documents after verification.